Security News

September 25, 2020

Who is Tech Investor John Bernard?

This post was originally published on this siteJohn Bernard, the subject of a story here last week about a self-proclaimed millionaire investor who has bilked countless tech startups, appears to be a pseudonym for John Clifton Davies, a U.K. man who absconded from justice before being convicted on multiple counts of fraud in 2015. Prior to his conviction, Davies served 16 months in jail before being cleared of murdering his wife on their honeymoon in India. The Private Office of John Bernard, which advertises itself as a capital investment firm based in Switzerland, has for years been listed on multiple […]
September 24, 2020

Microsoft: Attackers Exploiting ‘ZeroLogon’ Windows Flaw

This post was originally published on this siteMicrosoft warned on Wednesday that malicious hackers are exploiting a particularly dangerous flaw in Windows Server systems that could be used to give attackers the keys to the kingdom inside a vulnerable corporate network. Microsoft’s warning comes just days after the U.S. Department of Homeland Security issued an emergency directive instructing all federal agencies to patch the vulnerability by Sept. 21 at the latest. DHS’s Cybersecurity and Infrastructure Agency (CISA) said in the directive that it expected imminent exploitation of the flaw — CVE-2020-1472 and dubbed “ZeroLogon” — because exploit code which can […]
September 23, 2020

Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack

This post was originally published on this siteTyler Technologies, a Texas-based company that bills itself as the largest provider of software and technology services to the United States public sector, is battling a network intrusion that has disrupted its operations. The company declined to discuss the exact cause of the disruption, but their response so far is straight out of the playbook for responding to ransomware incidents. Plano, Texas-based Tyler Technologies [NYSE:TYL] has some 5,300 employees and brought in revenues of more than $1 billion in 2019. It sells a broad range of services to state and local governments, including […]
September 17, 2020

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

This post was originally published on this siteThe U.S. Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies. The government alleges the men used malware-laced phishing emails and “supply chain” attacks to steal data from companies and their customers. One of the alleged hackers was first profiled here in 2012 as the owner of a Chinese antivirus firm. Image: FBI Charging documents say the seven men are part of a hacking group known variously as “APT41,” “Barium,” “Winnti,” “Wicked Panda,” and “Wicked Spider.” Once inside of […]
September 16, 2020

Two Russians Charged in $17M Cryptocurrency Phishing Spree

This post was originally published on this siteU.S. authorities today announced criminal charges and financial sanctions against two Russian men accused of stealing nearly $17 million worth of virtual currencies in a series of phishing attacks throughout 2017 and 2018 that spoofed websites for some of the most popular cryptocurrency exchanges. The Justice Department unsealed indictments against Russian nationals Danil Potekhin and Dmitirii Karasavidi, alleging the duo was responsible for a sophisticated phishing and money laundering campaign that resulted in the theft of $16.8 million in cryptocurrencies and fiat money from victims. Separately, the U.S. Treasury Department announced economic sanctions […]
September 14, 2020

Due Diligence That Money Can’t Buy

This post was originally published on this siteMost of us automatically put our guard up when someone we don’t know promises something too good to be true. But when the too-good-to-be-true thing starts as our idea, sometimes that instinct fails to kick in. Here’s the story of how companies searching for investors to believe in their ideas can run into trouble. Nick is an investment banker who runs a firm that helps raise capital for its clients (Nick is not his real name, and like other investment brokers interviewed in this story spoke with KrebsOnSecurity on condition of anonymity). Nick’s […]
September 8, 2020

Microsoft Patch Tuesday, Sept. 2020 Edition

This post was originally published on this siteMicrosoft today released updates to remedy nearly 130 security vulnerabilities in its Windows operating system and supported software. None of the flaws are known to be currently under active exploitation, but 23 of them could be exploited by malware or malcontents to seize complete control of Windows computers with little or no help from users. The majority of the most dangerous or “critical” bugs deal with issues in Microsoft’s various Windows operating systems and its web browsers, Internet Explorer and Edge. September marks the seventh month in a row Microsoft has shipped fixes […]
September 2, 2020

The Joys of Owning an ‘OG’ Email Account

This post was originally published on this siteWhen you own a short email address at a popular email provider, you are bound to get gobs of spam, and more than a few alerts about random people trying to seize control over the account. If your account name is short and desirable enough, this kind of activity can make the account less reliable for day-to-day communications because it tends to bury emails you do want to receive. But there is also a puzzling side to all this noise: Random people tend to use your account as if it were theirs, and […]
August 28, 2020

Sendgrid Under Siege from Hacked Accounts

This post was originally published on this siteEmail service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks. Sendgrid’s parent company Twilio says it is working on a plan to require multi-factor authentication for all of its customers, but that solution may not come fast enough for organizations having trouble dealing with the fallout in the meantime. Image: Wikipedia Many companies use Sendgrid to communicate with their customers via email, or else pay marketing firms to do that on their […]
August 27, 2020

Confessions of an ID Theft Kingpin, Part II

This post was originally published on this siteYesterday’s piece told the tale of Hieu Minh Ngo, a hacker the U.S. Secret Service described as someone who caused more material financial harm to more Americans than any other convicted cybercriminal. Ngo was recently deported back to his home country after serving more than seven years in prison for running multiple identity theft services. He now says he wants to use his experience to convince other cybercriminals to use their skills for good. Here’s a look at what happened after he got busted. Hieu Minh Ngo, 29, in a recent photo. Part […]
August 26, 2020

Confessions of an ID Theft Kingpin, Part I

This post was originally published on this siteAt the height of his cybercriminal career, the hacker known as “Hieupc” was earning $125,000 a month running a bustling identity theft service that siphoned consumer dossiers from some of the world’s top data brokers. That is, until his greed and ambition played straight into an elaborate snare set by the U.S. Secret Service. Now, after more than seven years in prison Hieupc is back in his home country and hoping to convince other would-be cybercrooks to use their computer skills for good. Hieu Minh Ngo, in his teens. For several years beginning […]
August 21, 2020

FBI, CISA Echo Warnings on ‘Vishing’ Threat

This post was originally published on this siteThe Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued a joint alert to warn about the growing threat from voice phishing or “vishing” attacks targeting companies. The advisory came less than 24 hours after KrebsOnSecurity published an in-depth look at a crime group offering a service that people can hire to steal VPN credentials and other sensitive data from employees working remotely during the Coronavirus pandemic. “The COVID-19 pandemic has resulted in a mass shift to working from home, resulting in increased use of corporate […]
August 19, 2020

Voice Phishers Targeting Corporate VPNs

This post was originally published on this siteThe COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. But one increasingly brazen group of crooks is taking your standard phishing attack to the next level, marketing a voice phishing service that uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from employees. According to interviews with several sources, this hybrid phishing gang has a remarkably high success rate, and operates primarily through paid requests or “bounties,” where […]
August 16, 2020

Microsoft Put Off Fixing Zero Day for 2 Years

This post was originally published on this siteA security flaw in the way Microsoft Windows guards users against malicious files was actively exploited in malware attacks for two years before last week, when Microsoft finally issued a software update to correct the problem. One of the 120 security holes Microsoft fixed on Aug. 11’s Patch Tuesday was CVE-2020-1464, a problem with the way every supported version of Windows validates digital signatures for computer programs. Code signing is the method of using a certificate-based digital signature to sign executable files and scripts in order to verify the author’s identity and ensure […]
August 14, 2020

Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack

This post was originally published on this siteR1 RCM Inc. [NASDAQ:RCM], one of the nation’s largest medical debt collection companies, has been hit in a ransomware attack. Formerly known as Accretive Health Inc., Chicago-based R1 RCM brought in revenues of $1.18 billion in 2019. The company has more than 19,000 employees and contracts with at least 750 healthcare organizations nationwide. R1 RCM acknowledged taking down its systems in response to a ransomware attack, but otherwise declined to comment for this story. The “RCM” portion of its name refers to “revenue cycle management,” an industry which tracks profits throughout the life […]
August 14, 2020

Ransomware

This post was originally published on this siteRansomware is a special type of malware. Once it infected your computer, it encrypts all of your files and demands you pay a ransome if you want your files back. Be suspicious of any emails trying to trick you into opening infected attachments or click on malicious links, common sense is your best defense. In addition. backups are often the only way you can recover from ransomware.
August 13, 2020

Unique Passwords

This post was originally published on this siteMake sure each of your accounts has a separate, unique password. Can’t remember all of your passwords/passphrases? Consider using a password manager to securely store all of them for you.
August 12, 2020

Why & Where You Should You Plant Your Flag

This post was originally published on this siteSeveral stories here have highlighted the importance of creating accounts online tied to your various identity, financial and communications services before identity thieves do it for you. This post examines some of the key places where everyone should plant their virtual flags. As KrebsOnSecurity observed back in 2018, many people — particularly older folks — proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — including everything from utilities and mobile phones to retirement benefits and online banking services. From that story: “The reasoning […]
August 11, 2020

Microsoft Patch Tuesday, August 2020 Edition

This post was originally published on this siteMicrosoft today released updates to plug at least 120 security holes in its Windows operating systems and supported software, including two newly discovered vulnerabilities that are actively being exploited. Yes, good people of the Windows world, it’s time once again to backup and patch up! At least 17 of the bugs squashed in August’s patch batch address vulnerabilities Microsoft rates as “critical,” meaning they can be exploited by miscreants or malware to gain complete, remote control over an affected system with little or no help from users. This is the sixth month in […]
August 6, 2020

Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims

This post was originally published on this siteA group of thieves thought to be responsible for collecting millions in fraudulent small business loans and unemployment insurance benefits from COVID-19 economic relief efforts gathered personal data on people and businesses they were impersonating by leveraging several compromised accounts at a little-known U.S. consumer data broker, KrebsOnSecurity has learned. In June, KrebsOnSecurity was contacted by a cybersecurity researcher who discovered that a group of scammers was sharing highly detailed personal and financial records on Americans via a free web-based email service that allows anyone who knows an account’s username to view all […]
August 5, 2020

Porn Clip Disrupts Virtual Court Hearing for Alleged Twitter Hacker

This post was originally published on this sitePerhaps fittingly, a Web-streamed court hearing for the 17-year-old alleged mastermind of the July 15 mass hack against Twitter was cut short this morning after mischief makers injected a pornographic video clip into the proceeding. 17-year-old Graham Clark of Tampa, Fla. was among those charged in the July 15 Twitter hack. Image: Hillsborough County Sheriff’s Office. The incident occurred at a bond hearing held via the videoconferencing service Zoom by the Hillsborough County, Fla. criminal court in the case of Graham Clark. The 17-year-old from Tampa was arrested earlier this month on suspicion […]
August 3, 2020

Robocall Legal Advocate Leaks Customer Data

This post was originally published on this siteA California company that helps telemarketing firms avoid getting sued for violating a federal law that seeks to curb robocalls has leaked the phone numbers, email addresses and passwords of all its customers, as well as the mobile phone numbers and other data on people who have hired lawyers to go after telemarketers. The Blacklist Alliance provides technologies and services to marketing firms concerned about lawsuits under the Telephone Consumer Protection Act (TCPA), a 1991 law that restricts the making of telemarketing calls through the use of automatic telephone dialing systems and artificial […]
July 31, 2020

Three Charged in July 15 Twitter Compromise

This post was originally published on this siteThree individuals have been charged for their alleged roles in the July 15 hack on Twitter, an incident that resulted in Twitter profiles for some of the world’s most recognizable celebrities, executives and public figures sending out tweets advertising a bitcoin scam. Amazon CEO Jeff Bezos’s Twitter account on the afternoon of July 15. Nima “Rolex” Fazeli, a 22-year-old from Orlando, Fla., was charged in a criminal complaint in Northern California with aiding and abetting intentional access to a protected computer. Mason “Chaewon” Sheppard, a 19-year-old from Bognor Regis, U.K., also was charged […]
July 30, 2020

Is Your Chip Card Secure? Much Depends on Where You Bank

This post was originally published on this siteChip-based credit and debit cards are designed to make it infeasible for skimming devices or malware to clone your card when you pay for something by dipping the chip instead of swiping the stripe. But a recent series of malware attacks on U.S.-based merchants suggest thieves are exploiting weaknesses in how certain financial institutions have implemented the technology to sidestep key chip card security features and effectively create usable, counterfeit cards. A chip-based credit card. Image: Wikipedia. Traditional payment cards encode cardholder account data in plain text on a magnetic stripe, which can […]
July 29, 2020

Here’s Why Credit Card Fraud is Still a Thing

This post was originally published on this siteMost of the civilized world years ago shifted to requiring computer chips in payment cards that make it far more expensive and difficult for thieves to clone and use them for fraud. One notable exception is the United States, which is still lurching toward this goal. Here’s a look at the havoc that lag has wrought, as seen through the purchasing patterns at one of the underground’s biggest stolen card shops that was hacked last year. In October 2019, someone hacked BriansClub, a popular stolen card bazaar that uses this author’s likeness and […]